Table of Contents
Advertisement
Table 11-11 describes the configuration parameters of the
SigningAlgorithmConstraints
Table 11-11 SigningAlgorithmConstraintsConfiguration Parameters
Parameter
Description
Specifies whether the rule is enabled or disabled. Select to enable (default), deselect to
enable
disable.
Specifies the predicate expression for this rule. If you want this rule to be applied to
predicate
all certificate requests, leave the field blank (default). To form a predicate expression,
see "Using Predicates in Policy Rules" on page 483.
Specifies the signature algorithm the server should use to sign certificates.
algorithms
Permissible values: Depends on the CA's signing key type (the key type you chose for
the Certificate Manager's CA signing certificate).
• If the key type is RSA, select one of the following:
• If the key type is DSA, select SHA1withDSA.
SubCANameConstraints
The
SubCANameConstraints
subordinate CA certificate that has the same issuer name as that of the CA
itself—that is, the policy prevents a situation where the signing certificates of a CA
and its subordinate CA have identical issuer names.
This policy must be turned on if you're planning to issue subordinate CA
certificates. Whenever the Certificate Manager issues a certificate, it stores the
related information in its internal database; if the CA issues a subordinate CA
certificate with an issuer DN that matches its own issuer DN, the internal database
will not function properly.
You may apply this policy to CA certificate enrollment and renewal requests.
- MD2withRSA,MD5withRSA,SHA1withRSA
MD2withRSA,MD5withRSA
- MD2withRSA,SHA1withRSA
- MD5withRSA,SHA1withRSA
- MD2withRSA
MD5withRSA
- SHA1withRSA
The default value is MD2withRSA,MD5withRSA,SHA1withRSA.
policy.
plug-in module restricts a CA from issuing a
Constraints-Specific Policy Module Reference
Chapter 11
Policies
503
Advertisement
Table of Contents
